Cyber conflict and international humanitarian law

Conflict in cyberspace refers to actions taken by parties to a conflict to gain advantage over their adversaries in cyberspace by using various technological tools and peoplebased techniques. In principle, advantages can be obtained by damaging, destroying, disabling, or usurping an adversary's computer systems ('cyber attack') or by obtaining information that the adversary would prefer to keep secret ('cyber espionage' or 'cyber exploitation'). A variety of actors have access to these tools and techniques, including nation-states, individuals, organized crime groups, and terrorist groups, and there is a wide variety of motivations for conducting cyber attacks and/ or cyber espionage, including financial, military, political, and personal. Conflict in cyberspace is different from conflict in physical space in many dimensions, and attributing hostile cyber operations to a responsible party can be difficult. The problems of defending against and deterring hostile cyber operations remain intellectually unresolved. The UN Charter and the Geneva Conventions are relevant to cyber operations, but the specifics of such relevance are today unclear because cyberspace is new compared to these instruments.

About the author

Herbert LinChief Scientist at the Computer Science and Telecommunications Board of the National Research Council (NRC)

Dr Herbert Lin is Chief Scientist at the Computer Science and Telecommunications Board of the National Research Council (NRC), where he has also been Study Director of major projects on public policy and information technology. He was co-editor of the NRC’s 2009 report Technology, Policy, Law, and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities,1 and a 2010 NRC study on cyber deterrence, Proceedings of a Workshop on Deterring Cyberattacks: Informing Strategies and Developing Options for U.S. Policy.